DST Password Reset
 [IBS Home] [Up] [Cfg Service Tools] [DST Password Reset] [Failed Examples] [Recommendations] [Recover qsecofr] [Save/Restore Security Data]

IBM Server Site

IBS Home Up

 

 

DST Password Reset

Additional Resources

IBM Links

Quick Reset

  1. Signon as qsecofr
  2. Go to a command line
  3. Type the following chgdstpwd password(*default) then press ENTER

    This is the same as option MU 19, 21 (Reset DST password).
     

  4. After pressing ENTER one of the 2 following messages will display

    SUCCESS MESSAGE
    DST security officer password changed.     < That means that the password has been successfully changed.

ERROR MESSAGE
If you receive the error message 'Not authorized to change IBM-supplied service tools user ID password.'  Sign off and go back to step 1 and start by signing on as QSECOFR!

 

Service tools user IDs

  • Service tools user IDs are user IDs that are required for accessing service functions through dedicated service tools (DST), system service tools (SST), System i™ Navigator (for logical partitions and disk unit management), and Operations Console.
  • Service tools user IDs are created through DST or SST and are separate from i5/OS® user profiles. IBM provides the following service tools user IDs:

 

User

Password

 

 qsecofr qsecofr

 

 qsrv qsrv

 

 22222222 22222222

 

 11111111 11111111
 

 

 

 

The passwords for service tools user IDs QSECOFR, QSRV, and 22222222 are shipped as expired. All service tools passwords are shipped in uppercase.
  • You can create a maximum of 100 service tools user IDs (including the four IBM-supplied user IDs). Specific authorities are granted to the IBM-provided service tools user IDs. The IBM-supplied service tools user ID 11111111 is useful when upgrading Operations Console.
Note: A QSECOFR user profile and a QSECOFR service tools user ID are provided with every system. The QSECOFR user profile and the QSECOFR service tools user ID are not the same. They exist in different locations and are used to access different functions.
  • Your QSECOFR service tools user ID can have a different password from your QSECOFR user profile.
  • Service tools user IDs have different password policies from user profiles.
Creating additional service tools user IDs allows a security administrator to manage and audit the use of service tools without giving out the passwords to the IBM-supplied service tools user IDs. You can create additional service tools user IDs using dedicated service tools (DST) or system service tools (SST).
 

Attention: If you lose or forget the passwords for all security officer profiles and all security service tools user IDs, you might need to install and initialize your system from distribution media to recover them. For this reason, it is suggested that you create multiple profiles and user IDs. Contact your service provider for assistance.

The passwords for service tools user IDs can have expiration dates, which allow you to minimize the security risk to your system. When users sign on with an expired password, they must change the password. A service tools user ID can be disabled, in which case it cannot be used at all until someone with the appropriate authority level re-enables it.

*IMPORTANT
If you receive the error message 'Not authorized to change IBM-supplied service tools user ID password.'  Sign off and go back to step 1 and start by signing on as QSECOFR!

Functional privileges for service tools user IDs

Functional privileges control which service functions can be accessed by any service tools user ID. You can set up functional privileges to grant or revoke the ability for a service tools user ID to access individual service functions. These examples show how you might want to use functional privileges.

  • You can allow one user to take communications and Licensed Internal Code traces and give a different user the functional privilege to manage disk units.
  • You can create a service tools user ID with the same functional privileges as the IBM-supplied QSECOFR service tools user ID. You can then disable the IBM-supplied QSECOFR service tools user ID. This prevents people from using the known QSECOFR user ID and helps protect your system from security risks.
You can manage the functional privileges through DST or SST. When set to revoked, the Start Service Tools privilege allows a service tools user ID to access service functions through DST, but restricts the user ID from accessing SST.
 

Before a user is allowed to use or perform a service function, a functional privilege check is performed. If a user has insufficient privileges, access to the service function is denied. There is an audit log to monitor service function use by service tools users.

*IMPORTANT
If you receive the error message 'Not authorized to change IBM-supplied service tools user ID password.'  Sign off and go back to step 1 and start by signing on as QSECOFR!

 

 
IBS Lumber and Building Material Software  Copyright © 2006 IBS Lumber Software Inc (TM)
Last modified: December 5, 2008

IBS Sales & Support (888) 427-1566
Main Office 1-812-547-4640
Fax IBS  1-812-547-9614

IBS Corporation - Building Materials Software for your Lumberyard

All pages contained in this support website are not intended for general public distribution.  Any material here can be considered private, confidential with various copyrights and restrictions against public release.  You 'the browser' cannot legally release this information for general public distribution.

IBS Webmail | IBS Corporate Site | IBS Homepage
remote support: http://www.gotomeeting.com | remote support download program